- 23 Jan 2025
Security considerations
As of Authentication Suite Server SDK 4.0.1, software DPX files and software BLOB data can be encrypted using AES with 256-bit keys or 3DES with 112-bit keys.
We strongly recommend using AES with 256-bit keys for both software DPX file encryption and software BLOB encryption, for the following reasons:
- The potential advent of cryptographically-relevant quantum computers (CRQC) enables novel attacks against sensitive data that are not possible with traditional, non-quantum computers. Cryptographically-relevant quantum computers are quantum computers that can run algorithms to break or weaken existing, classical cryptographic algorithms.
  An example of such a novel attack is the 'harvest now, decrypt later' attack, where adversaries collect today’s encrypted data and keep it until they acquire a quantum computer that can decrypt it in the future. To protect data that needs to remain confidential well into the future against such novel attacks, today’s data should already be encrypted with quantum-resistant cryptographic algorithms, such as AES-256.
- Standards related to key management recommend using AES to protect data that requires long-term protection, and recommend using keys with a length of at least 128 bits.
  - NIST Special Publication (SP) 800-57 Part 1, "Recommendation for Key Management", advises using AES to encrypt data that needs to remain secure beyond 2030.
    Available at (last accessed in November 2024): https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final
  - ANSSI’s Guide about Cryptographic Mechanisms, referred to as ANSSI-PG-083, recommends using AES keys with at least 128 bits as from 2026.
    Available at (last accessed in November 2024): https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-mecanismes_crypto-2.04.pdf
  - The Technical Guideline TR-02102-1, "Cryptographic Mechanisms: Recommendations and Key Lengths", published by the German Federal Office for Information Security (BSI), advises using AES with a key length of 256 bits, especially for applications with high or long-term protection requirements or long-living systems.
    Available at (last accessed in November 2024): https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.html
- The usage of AES-256 does not introduce performance overhead.
Notwithstanding these recommendations, you should perform your own risk and compliance analysis to determine the most appropriate key length in your specific context.